PROCESS FOR CREATING AND MANAGING AT LEAST ONE
CRYPTOGRAPHIC KEY, AND SYSTEM FOR ITS IMPLEMENTATION

The present invention concerns the field of secure computer systems, and more 
particularly, cryptographic keys. It relates to a process for creating and managing at least one 
cryptographic key, and the associated certificate in the case of a pair of asymmetrical 
cryptographic keys, and a computer system for its implementation. 

The Prior Art

Cryptography makes it possible to secure and protect access to electronic documents
using encryption and signature functions.

Encryption is the transformation of data (plain text) into a form that is unreadable
(encrypted text) for a person who does not know the decryption method, by means of a
parameterizable function called the encryption key. Conversely, it is necessary to have the
decryption key in order to transform an encrypted text into a plain text.

Signature is a means of authentication that allows the recipient to verify the source
and the integrity of a received message. It also uses the key principle mentioned above.

In a multi-user environment, encryption and signature increase the security of
communications through unprotected lines like, for example, the Internet.

There are known secure computer systems in which the encryption keys are created 
individually by an administrator, possibly at the initiation of a user. Thus, when a new user 
wishes to integrate the secure system and have keys, he requires the creation of one or more 
keys by the administrator. Upon receipt of the request, the administrator creates a key for the 
user in question.

This results in an increase in complexity when the number of users increases, and 
consequently a substantial wait to obtain a key. The user integrating a secure system is forced 
to wait in order to obtain a key and communicate in a protected fashion in said system. 
The present invention more particularly concerns the field of symmetric key 
cryptography, as well as the field of asymmetric key cryptography.

A key is symmetrical when it is used both to generate and to decrypt the encrypted
text.

Asymmetric keys are called public/private keys; the key used to encrypt the 
information is different from that used to decrypt it. The public key is conveyed in a 
certificate. The certificate is obtained from a Certification Authority (CA). 

The certification of a public key by a certification authority outside the secure system 
in question increases complexity in the management of the users and their keys and 
certificates. Furthermore, the secure system quite often communicates with the certification 
authority in an offline mode, which increases the degree of complexity. 

The user has no knowledge of the status of the creation and certification of his keys, 
and particularly of any deadlock that may occur while they are in progress. 

The certificate has a validity period after which it must be renewed. The user who 
does not watch for the expiration time of his certificate may find himself unable to use his 
public key. When the certificate of his public key is no longer valid, the user must request a 
new certification and is forced to wait for the issuing of a certificate by the certification 
authority before he can again communicate in a protected fashion in the system. 

When a user suspects that a third party has gained knowledge of his private key, or 
when a user changes his name or certification authority, the user can request the revocation of 
the certificate for his pair of keys. 

The certification authority revokes the certificate at the request of the user in question, 
and the user can then request a new certificate or a new pair of keys and an associated new 
certificate. 

Just like the creation of keys, the certification, and more particularly the 
communication with the certification authority, becomes increasingly difficult for an 
administrator to manage when the number of users of the system increases. 

One object of the present invention is to simplify the procedure for creating pairs of 
keys and for certifying public keys, and to reduce the wait for obtaining a pair of keys and/or 
a certificate. 

Another object of the invention is to simplify certification in a system that 
communicates with a certification authority in an asynchronous mode. 

Another object of the invention is to know the status of the procedure for creating a 
pair of keys as well as that for certification. 
Another object of the invention is to facilitate the renewal of expired certificates and
of pairs of keys whose certificate has been revoked. 

Summary of the Invention

In this context, the present invention proposes a process for creating and managing
pairs of asymmetrical cryptographic keys and associated certificates, each pair of keys being
intended for a subject managed by a computer system, characterized in that it consists of:

• searching in storage means for at least one subject for which a pair of asymmetric
keys and an associated certificate must be created;

• creating at least one individual request for creating and certifying a pair of asymmetric
keys for said subject;

• transmitting said individual creation and certification request to a key generating
center, which issues a pair of asymmetric keys in accordance with said request;

• creating at least one individual request for certifying the public key created for said
subject;

• transmitting said individual certification request to a certification authority, which
issues a certificate in accordance with said request.

The present invention also proposes a process for creating and managing public key
certificates, each certificate being intended for a public key of a subject managed by the
computer system, characterized in that it consists of: 

• searching in storage means for at least one pair of asymmetric keys for the public key 
for which a certificate must be created; 

• creating at least one individual request for certifying the public key; 

• transmitting said individual certification request to a certification authority, which
issues a certificate in accordance with said request. 

The present invention also relates to a process for creating and managing symmetrical 
cryptographic keys, each key being intended for a subject managed by a computer system, 
characterized in that it consists of: 
• searching in said storage means for at least one subject for which a symmetric key
must be created;

• creating at least one individual request for creating a symmetric key for said subject;

• transmitting a request corresponding to said individual creation request to a key 
generating center, which issues a symmetric key in accordance with said request. 
The present invention also relates to a computer system that makes it possible to 

create and manage pairs of asymmetrical cryptographic keys and/or certificates associated 
with the pairs of keys, the pairs of keys and the certificates being intended for a subject 
managed by said system, characterized in that it comprises means for automating the creation 
and/or certification of at least one pair of keys for each subject managed by the system. 

The present invention also proposes a computer system that makes it possible to 
create and manage symmetrical cryptographic keys, the keys being intended for a subject 
managed by said system, characterized in that it comprises means for automating the creation 
of at least one key for each subject managed by the system. 

Presentation of the Figures

Other characteristics and advantages of the invention will become clear in light of the
following description, given as an illustrative and non-limiting example of the present
invention in reference to the attached drawings, in which:

• Fig. 1 is a simplified global diagram of the computer system according to the present
invention;

• Fig. 2 represents an organizational unit in the form of a tree;

• Fig. 3 represents a diagram of steps in the process according to one embodiment of
the present invention, applied to a part of the organizational unit represented in Fig. 2.

Description of an Embodiment of the Invention

The embodiment of the invention described below relates to the creation and
management of pairs of asymmetrical cryptographic keys and the associated certificates. The
principle of the invention is also applicable to the creation and management of symmetrical
cryptographic keys.

The principles of public/private key cryptography are briefly summarized below.
Each user has a pair of asymmetric keys, one public key and one private key.
The private key is personal, known and kept secret by the only legitimate holder of
this key, who uses it to decrypt received messages or to sign messages. The public key is
made public: it is known by everyone and is used to encrypt documents or to verify
signatures. To sign a document, a user uses his private key; the private key being secret, only
said user can sign a document using this key. Anyone can verify the signature of the said user
using said user's public key. To encrypt a document, anyone can use a user's public key. Said
user decrypts the document using his private key, which only he knows.

It is necessary to provide a system that makes it possible to verify that a given public
key is actually associated with the legitimate holder and that it is really him who is using it.
This problem gave rise to certificates. A certificate is a digital document attesting to a
person's ownership of a public key. Such a certificate must be issued by a recognized
institution, called a certification authority (CA). The certificate allows the holder to prove to
anyone that the public key associated with this certificate belongs to him and that he will be
able to decrypt the messages that any person sends to him using this public key. When a
person signs and sends a document, the recipient obtains the certificate of the sending person.
The recipient can verify the veracity of the certificate with the certificate from the
certification authority; he can then verify the signature of the sender.
A certificate generally comprises the following elements: 
• the public key;

• the name of the owner; 

• the expiration date of the certificate; 

• the name of the certification authority; 

• the serial number of the certificate; 

• the signature of the certification authority.

As illustrated in Fig. 1, the computer system 1 according to the present invention 
includes a server 2 or a workstation or any other equivalent known means. The server 2 
comprises at least:

• a central management service 3 IUM (Integrated User Management). The central
management service 3 includes a man/machine interface 4;

• a local registration authority 5 (LRA) comprising a periodic wakeup mechanism 6 for
periodically activating the local registration authority 5;

• a reference central security base 7 (SIB, Security Information Base);

• a key generating center 8 comprising a key server 9 and a key generator 10. The key
generator 10 includes storage means 11 consisting in a memory space or hard disk or
any other equivalent known type of storage means.

The computer system 1 also has access to at least one certification authority (CA) 12. 
According to another embodiment of the invention, the server does not contain the
key generating center 8. The computer system 1 has access to a key generating center 8
outside the server 2. It is possible, for example, for the certification authority 12 to have a key
generating center 8 used by the system 1 to create its keys.

The central management service 3 is a process activated at the request of an
administrator or user.

The local registration authority 5, the periodic wakeup mechanism 6, the key server 9
and the key generator 10 are daemons running as background tasks.

In the sense of the present description, a daemon is a process that is created at the
system startup or at dates set by the system administrator, and that is only interrupted when
the system is turned off. A process is a program currently running at a given instant, the
program itself constituting an inert object stored in a reserved memory space or the
equivalent. It corresponds to a logical sharing of the work in the operating system of the
server 2. The activity in a system is generated by the processes. Memory spaces or any other
known storage means are reserved for the storage of programs corresponding to the above-
mentioned daemons.

The central security base 7 is a relational database, an object-oriented database, a 
directory or any other means for storing and sequencing data. 
The certification authority 12, in the embodiment described, consists in a remote
workstation, a remote server or any other equivalent means capable of working in the offline
mode (disconnected from the server 2) or in the online mode (connected to the server 2). The
exchanges between the server 2 and the certification authority 12 are secure; the local
registration authority 5 and the certification authority 12 each specifically have a pair of keys
that enables them to sign their exchanges.

The exchanges between the local registration authority 5 and the key generating center 
8 are secure; they belong to the same server 2 and use a proprietary protocol specific to the
server 2 in order to dialog. 

The computer system 1 according to the present invention manipulates the following 
objects: 

• geographic unit/organizational unit;

• user;

• application;

• certification authority;

• model pair of keys;

• model certificate;

• certificate extension;

• multiple requests for creating and certifying pairs of keys;

• pair of keys;

• multiple requests for certifying public keys;

• certificate.

According to one particular embodiment of the invention, the system also manipulates 
the object: 

• request for revocation of a certificate. 

The objects "user" and "application" are also called subjects. Each object or subject
comprises attributes that characterize it.

The objects "geographic unit/organizational unit" are for describing users or
applications based on geographic or organizational criteria; any other type of criteria for
defining a set of users or applications can be used. Fig. 2 represents an exemplary
organizational unit in the form of a tree. In this example, the organizational unit relates to a
computer facility of a company. The object "geographic unit/organizational unit" comprises
as attributes the multiple requests for creating and certifying pairs of keys and the multiple
requests for certifying public keys.

The subjects "user" and "application" respectively represent a physical person and an
application, both of which use pairs of keys. In Fig. 2, Marie, Louis, Jacques, etc., are user
subjects (physical persons). The subjects "user" and "application" have attributes that contain
the information required for their identification in the object "certificate," such as a name in
accordance with the RFC 822 standard, information for the extension of certificates defined 
by the administrator. The subjects "user" and "application" also have as attributes pairs of 
keys and multiple creation and certification requests. A subject can have several pairs of keys, 
each pair of keys corresponding to a different specific use, for example a pair of keys used for
encryption and a pair of keys used for signature. 

The object "certification authority" represents the certification authority 12, which 
certifies public keys and issues certificates with extensions and which also revokes 
certificates at the request of a user or an administrator. The certificate format recognized 
today is defined by CCITT recommendation X.509 V3. The certificates can be read or written
by any X.509-compatible software. The attributes of the object "certification authority" are 
the name and address of the authority in question, the model certificates issued by the 
authority, the certificates issued by the authority, and the certificate of the certification 
authority in question. 

The object "model pair of keys" has as attributes the algorithm to be used with the pair
of keys, the length of the keys, the multiple creation and certification requests, and the 
possible use for the pair of keys, for example data signature, key encryption or certificate 
signature. It makes it possible to define a family of pairs of keys used by subjects of the same 
geographic, organizational or other unit, and thus to construct a multiple request for a given 
unit, as will be seen below.

The object "model certificate" has as attributes the certification authority, the validity 
period, the extensions, the multiple creation and certification requests, and the multiple 
certification requests. A subject may have several certificates issued by different certification 
authorities for the same pair of keys. The object "model certificate" makes it possible to 
define a family of certificates used by subjects of the same geographic, organizational or
other unit and thus to construct a multiple request for a given unit, as will be seen below. 

The object "extension" defines additional data entered into the certificate. The object 
"extension" comprises as attributes an identifier, a flag indicating whether or not the 
extension is critical, attributes of objects that will contain the data to be entered into the 
extension, an encoding rule that makes it possible to encode the data entered into the
certificate. The object "attributes," which will contain the data to be entered into the 
extension, can be chosen from the attributes of the subjects, the certification model, the
certification authority, the multiple certification request or the extension. The object 
"extension" also comprises as an attribute the model certificates. 

Thus, for example, the extension of a certificate could contain a particular identifier, a 
non-critical flag, a user's age and an encoding rule.

The multiple request for creating and certifying public keys comprises an attribute 
defining a set of "key user" subjects. The subjects in the set are explicitly named, or searched 
for based on preset criteria such as geographic or organizational criteria. Thus, for example, 
the set in the multiple request relative to the computer facility in Fig. 2 is defined in the form
of a tree. It is also possible to have one multiple request per level, and to explicitly name all
of the users for the level in question. For example, the set of a multiple request for the
keyboard sub-unit comprises the users Herve and Lucie, explicitly named or determined
based on organizational criteria, i.e., all the subjects belonging to the keyboard sub-unit. The
object "multiple request for creating and certifying pairs of keys" also has as attributes the
model pair of keys and the model certificate to be used, information that makes it possible to
know the conditions under which it is necessary to create keys (lack of keys for a user and of
a corresponding individual creation and certification request, creation requested by an
administrator, revocation of a certificate and creation requested after this revocation). It also
comprises a scheduling attribute. The scheduling attribute indicates the date as of which the
multiple request in question should be executed, and whether the request should be executed
only once. If the scheduling attribute reveals that the certification request should not be
executed just once, the request is executed with each call by the system, and more precisely
by the periodic wakeup mechanism 6, until the system shutdown. The object "multiple
request" also comprises an attribute relative to the status of the creation. The attribute relative
to the status of the creation has values such as "pending," "in progress," "sending a creation
request," "done," "process ended with an error message."

The object "individual request for creating and certifying a pair of keys" corresponds 
to the object "multiple request" in which an individual subject is identified. 

The object "pair of keys" contains as attributes the holder of the pair of keys, the 
values of the public and private keys, the algorithm to be used with the pairs of keys, the
length of the keys, the type of use for the keys, the creation date of the keys, the associated 
certificates, the multiple certification requests. Several certificates issued by different
certification authorities can be associated with the same pair of keys. 

The object "multiple request for certifying public keys" has as attributes a set of 
public keys to be certified, which belong to subjects explicitly named or defined by 
geographic, organizational or other criteria. The object "multiple request for certifying public
keys" also comprises as attributes the model certificate to be used, information that makes it 
possible to know the conditions under which it is necessary to certify a key such as, for 
example, the lack of a certificate and an individual certification request, certification 
requested by an administrator, the expiration of the validity period of the certificate, the 
revocation of a certificate for a pair of keys and certification request for said pair of keys that
the user wishes to keep after the revocation, etc. The multiple request is preferably executed 
before the certificate in question has expired. Thus, the embodiment described provides for 
the certification of all the public keys whose certificates expire during the period of activation 
of the local registration authority 5. The period of activation of the local registration authority 
by the periodic wakeup mechanism 6 is, for example, twice as long as that required on
average for the certification authority to issue a certificate. If, for example, the certification 
authority takes an average of five days to certify a public key, the activation period of the 
local registration authority is ten days; thus, if a certificate expires seven days after the 
activation of the local registration authority by the mechanism 6, said certificate expires 
within the ten-day activation period of the local registration authority, and a new certificate
must be requested from the certification authority. If the certification authority takes, for 
example, five days to send this new certificate, a new certificate will be ready five days after 
the activation of the local registration authority and two days before the expiration of the old 
certificate. The user in question will therefore always have a certificate at his disposal; the 
renewal will be transparent for him. The object "multiple request for certifying public keys"
also contains an attribute relative to the status of the certification. The attribute relative to the 
status of the certification has values, for example the values "pending," "in progress," 
"sending creation request," "done," "process ended with an error message." 
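The renewal rule described above (an activation period of the local registration authority equal to twice the average issuing time of the certification authority, and re-certification of every public key whose certificate expires within that period) can be written down as a small scheduling check. The following Python is an added example, not code from the patent or from any implementation of it; the holder names, dates and the "margin in days" return value are constructed for illustration.

```python
from datetime import date, timedelta


def lra_activation_period(ca_average_days):
    """Activation period of the local registration authority: twice the time the
    certification authority needs on average to issue a certificate."""
    return timedelta(days=2 * ca_average_days)


def renewal_plan(certs, today, ca_average_days):
    """Select the certificates to re-certify at this activation: every certificate that
    expires within the coming activation period. An already expired certificate is
    included too, since "expiration of the validity period" is itself a certification
    condition. certs: list of (holder, expiry date). Returns holder -> margin in days
    between the expected arrival of the new certificate and the expiry of the old one;
    a negative margin means the holder is left without a valid certificate."""
    window_end = today + lra_activation_period(ca_average_days)
    expected_ready = today + timedelta(days=ca_average_days)
    return {holder: (expiry - expected_ready).days
            for holder, expiry in certs if expiry <= window_end}


def demo():
    """Constructed sample: a CA that takes five days on average, hence a ten-day
    activation period, as in the text."""
    today = date(2024, 1, 1)
    certs = [
        ("Herve", today + timedelta(days=7)),    # inside the window: two-day margin
        ("Lucie", today + timedelta(days=12)),   # outside the window: next activation
        ("Marie", today + timedelta(days=10)),   # on the window boundary: still renewed
        ("Jacques", today - timedelta(days=1)),  # already expired: renewed, margin negative
    ]
    return renewal_plan(certs, today, ca_average_days=5)
```

The margin makes the sizing argument of the text visible: with the period set to twice the issuing time, every certificate picked up at an activation is replaced before it expires, while a certificate that has already lapsed (a negative margin) shows exactly how many days the holder spends without a usable public key.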

The object "individual public key certification request" corresponds to the object 
"multiple request," in which only one public key, and hence only one pair of keys, is
identified. 
The object "certificate" has as attributes the holder of the certificate, the associated
pair of keys, the issuing certification authority, the value of the certificate and the validity 
period. 

If an object "request for revocation of a certificate" is provided, said object comprises 
the following attributes: the certificates and/or the certification authority in question, the
status, the cause of the revocation (a user's suspicion that his key has become known to a third
party, change in the holder's identity). The revocation request also indicates whether a pair of 
keys should be created after said revocation or whether the pair of keys for which the 
certificate has been revoked should be retained and re-certified. The processing of the 
revocation will not be described below, but the basic principle of an adapted request is the
same as for the creation and the certification.

All of the objects and subjects, as well as the links between them, are stored in the
central security base 7. Each object and subject in the central security base 7 has a unique
identification and is accessible by the administrator through the man/machine interface 4.

The local registration authority 5 is represented in the central security base 7 in the
form of a subject of the application type. The local registration authority 5 has a pair of keys
stored in the base 7 during the installation of the system according to the invention. The pair
of keys of the local registration authority 5 is used to protect exchanges between the local
registration authority 5 and the certification authority 12. The certification authority 12 also
has a pair of keys for protecting its exchanges with the local registration authority 5.

According to one particular embodiment of the invention, only the public key is 
stored in the central security base. The object "pair of keys" contains only the value of the 
public key. The private key can be, for example, integrated into a chip card. 

The administrator of the system 1, using the man/machine interface 4, enters
information specific to the environment into which the system 1 is integrated. The
administrator defines the subjects in question, for example based on geographic, 
organizational or other criteria. He declares the model certificates, the model pairs of keys, 
the certification authorities, the certificate extensions. He defines multiple creation and 
certification requests and multiple certification requests for sets of subjects, including those 
defined above. The central management service 3 creates the corresponding objects or
subjects by defining their attributes from the specific information entered. The objects and 
subjects created are stored in the central security base 7.

It is also possible to import, per program, objects or subjects such as, for example, the 
subject "user" or the object "pair of keys" or "certificate," and to store them in the central 
security base 7 in the form described above. 

The central security base 7 is managed and updated by the central management 
service 3. 

The administrator can, at any time, through the man/machine interface 4, enter new 
subjects, new requests for creating pairs of keys and/or new certification requests, or any 
other object, which is then stored in the central security base 7. 

The process according to the present invention consists of: 

• searching in the central security base 7 for at least one subject for which a pair of 
asymmetric keys and an associated certificate must be created; 

• creating at least one individual request for creating and certifying a pair of asymmetric 
keys for said subject; 

• transmitting a request corresponding to said individual creation and certification 
request to the key generating center 8, which issues a pair of asymmetric keys in 
accordance with said request; 

• creating at least one individual request for certifying the public key created for said 
subject; 

• transmitting a request corresponding to said individual certification request to the 
certification authority 12, which issues a certificate in accordance with said request. 
The search in the central security base 7 is performed periodically. The periodic
wakeup mechanism 6 periodically activates the local registration authority 5. The activation
period of the local registration authority 5 can be modified by the administrator. 

According to one particular embodiment of the invention, the local registration 
authority 5 activated by the periodic wakeup mechanism 6 searches for all the multiple 
requests for creating and certifying pairs of keys stored in the central security base 7 wherein 
the scheduling attribute corresponds to an execution date that has arrived or passed. The local 
registration authority 5 gives the attribute relative to the status of the multiple requests found 
the value "pending." In Fig. 3, a multiple request for creating and certifying the keyboard unit 
has been found. 
For each of the multiple creation and certification requests found, the local
registration authority 5 searches for all of the subjects involved in the request in question for 
which a pair of keys must be created, and more precisely, for which a condition under which 
it is necessary to create at least one pair of keys is fulfilled (lack of a pair of keys and a 
corresponding individual creation and certification request for the subject in question, 
revocation of a certificate and creation requested after this revocation). The condition 
"creation requested by an administrator" is only considered when an administrator requests 
the immediate creation of a pair of keys through the man/machine interface, as will be seen 
below. For each subject found, the local registration authority 5 creates an individual request 
for creating and certifying a pair of keys from the multiple request in question. To do this, the 
local registration authority 5 communicates with the central security base 7. It retrieves from 
the central security base 7 the information it needs to construct each of said individual 
requests, including the model pair of keys and the model certificate given in the multiple 
creation and certification request. In Fig. 3, two individual requests are created for each user 
of the keyboard unit lacking a pair of keys, in this case Herve and Lucie. It gives the attribute 
relative to the status of the individual request in question the value "in progress." 

Several individual requests for creating and certifying a pair of keys can be created for 
a given subject. Each individual request corresponds to a specific use for the pair of keys
(data signature, key encryption or certificate signature, etc.) and hence to a particular model 
pair of keys. Each individual request can also correspond to a given certification authority and 
hence to a particular model certificate. 

The administrator can, at any time, request the creation and certification of a pair of 
keys for a given subject through the man/machine interface 4; the administrator enters all the 
information necessary to the creation of an individual creation request and an associated 
individual certification request, including the model pair of keys and the model certificate; the 
authority can then directly create said individual creation request and the corresponding 
certification request for the given subject. The conditions "creation requested by an 
administrator" and "certification requested by an administrator," in which it is necessary to 
create at least one pair of keys and one certificate, are fulfilled. The local registration 
authority gives the attribute relative to status of the individual request in question the value 
"in progress." The process then works as described below for the individual creation and 
certification request derived from a multiple request. 

For each individual creation and certification request created, the local registration 
authority 5 sends a corresponding request for a pair of keys to the key generating center 8, 
and more specifically to the key server 9. The content of the creation request corresponds to 
that of the individual creation and certification request; only its structure is modified so as to 
be adapted to the communication means used between the local registration authority 5 and 
the certification authority 12. 

Once the request is transmitted, the local registration authority 5 gives the attribute of 
the individual creation and certification request relative to the status of the creation the value 
"sending a request." 

The key generator 10 continuously produces pairs of keys in accordance with the 
given algorithms and key sizes and stores them in the storage means 11 of the generator. 

The key server 9, upon receiving the request from the local registration authority 5, 
extracts from the storage means 11 of the key generator 10 a key of the type defined in the 
request sent by the local registration authority 5. The key server 9 transfers the extracted pair 
of keys to the local registration authority 5. 

In the event that the generator 10 does not succeed in creating a key, it transmits an 
error message to the local registration authority 5. The local registration authority 5 changes 
the value of the attribute of the individual request in question relative to the status of the 
creation to give it the value "process ended with an error message." 

Upon reception of the pair of keys issued by the key server 9, the local registration 
authority 5 creates a corresponding object "pair of keys" in the central security base 7. The 
local registration authority 5 stores the pair of keys created in this base. In Fig. 3, two pairs of 
keys are stored in the local security base 7, one for Herve and the other for Lucie. The local 
registration authority 5 changes the value of the attribute relative to the status of the creation 
of the individual request in question to give it the value "process done." 

The local registration authority 5 destroys the individual creation request associated 
with the subject in question and creates an individual request for certifying the corresponding 
public key created. 

The local registration authority 5 retrieves from the central security base 7 the 
information it needs to construct each of said individual certification requests, including the 
model certificate given in the multiple creation and certification request. The model 
certificate specifically contains the certification authority and the extensions. From the 
extensions, the local registration authority 5 obtains the encoding rules that make it possible 
to encode the data to be entered into the certificate. It applies said rule in order to encode each 
extension into the certificate contained in the individual certification request in question. The 
condition "no certificate," in which it is necessary to create at least one pair of keys, is 
fulfilled. The local registration authority 5 changes the value of the attribute of the individual 
request in question relative to the status of the certification to give it the value "in progress." 
In the example represented in Fig. 3, two individual certification requests are created for the 
two public keys of the pairs of keys created for Herve and Lucie, respectively. Several 
individual requests for certifying pairs of keys can be created for a given subject, each request 
corresponding to a given certification authority and hence to a particular model certificate. 

Once the individual requests have been created for each subject, the local registration 
authority 5 deletes from the central security base 7 the object "multiple request for creating 
and certifying pairs of keys" in question when the scheduling attribute requires it, i.e., when it 
indicates that the multiple request in question should be executed only once. 

The local registration authority 5 sends one certification request per individual 
certification request created to the certification authority 12 in question. The content of the 
certification request corresponds to that of the individual certification request; only its 
structure is modified so as to be adapted to the communication means used to connect the 
local registration authority 5 to the certification authority 12. The certification request is 
signed with the private key of the local registration authority 5 in order to guarantee the 
source of the request. The status of each certification request is then updated; the local 
registration authority 5 gives the attribute of the individual certification request relative to the 
status of the procedure the value "sending a request." The certification authority 12 stores the 
request. The certification authority 12 is capable at any time of producing a certificate signed 
with its private key. The connection mode between the certification authority 12 and the local 
registration authority 5 may be synchronous or asynchronous. In an asynchronous mode, the 
local registration authority 5 comprises means for processing certificates as they are received. 
Upon reception of the certificate in question, the local registration authority 5 changes the 
value of the attribute of the individual request in question relative to the status of the 
certification to give it the value "done." The local registration authority 5 destroys the 
individual certification request in question and creates an object of the certificate type in the 
central security base 7. In the example of Fig. 3, two certificates are stored, respectively, for 
Herve and Lucie. 

In the event that the certification authority 12 does not succeed in creating, or refuses 
to create, a certificate, it transmits an error message to the local registration authority 5. The 
local registration authority 5 changes the value of the attribute of the individual request in 
question relative to the status of the certification to give it the value "process ended with an 
error message." 

The subjects stored in the central security base 7 that do not have any pairs of keys, or 
for whom a pair of keys has been requested by the administrator, or whose certificate has 
been revoked and whose new pair of keys has been requested after this revocation, are 
automatically equipped by the process and the system according to the invention with pairs of 
keys and associated certificates. 
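The creation pass described above (wakeup, due multiple requests, the three creation conditions, the status attribute moving from "in progress" to "sending a request" and then to "process done" or "process ended with an error message", the scheduling attribute that deletes a run-once multiple request) can be followed in a small simulation. This is an added example, not code from the patent: the subject names, the dict standing in for central security base 7, the `KeyServer` stub for key server 9 and generator 10, and the opaque placeholder key material are all constructed for illustration.

```python
"""One activation of the local registration authority for a multiple
creation and certification request (added example, not the patent's code).
Subject names, the in-memory stand-in for central security base 7 and the
key-server stub are constructed for illustration."""
from dataclasses import dataclass, field
from datetime import date
import secrets

# Status values of the individual request's "creation" attribute, as named in the text.
IN_PROGRESS = "in progress"
SENDING = "sending a request"
DONE = "process done"
ERROR = "process ended with an error message"


@dataclass
class Subject:
    name: str
    key_pairs: dict = field(default_factory=dict)      # use -> "pair of keys" object
    admin_requested: set = field(default_factory=set)  # uses requested through the interface


@dataclass
class MultipleRequest:
    subjects: list        # preset list of subject names (the set)
    key_model: dict       # model pair of keys: use, algorithm, size
    cert_model: dict      # model certificate: certification authority, extensions
    execution_date: date  # scheduling attribute
    once: bool            # True: execute only once, then delete the multiple request
    status: str = "waiting"


@dataclass
class IndividualRequest:
    subject: str
    key_model: dict
    cert_model: dict
    kind: str = "creation+certification"
    creation_status: str = IN_PROGRESS
    certification_status: str = ""


class KeyServer:
    """Stand-in for key server 9: serves a pre-generated pair of the requested type."""

    def __init__(self, supported=("RSA",)):
        self.supported = supported

    def request(self, model):
        if model["algorithm"] not in self.supported:   # generator 10 had no such pair
            raise RuntimeError(f"no {model['algorithm']}-{model['size']} pair available")
        # Opaque placeholders stand in for real key material (constructed).
        return {"algorithm": model["algorithm"], "size": model["size"],
                "public": secrets.token_hex(8), "private": secrets.token_hex(8)}


def needs_key_pair(subject, use, in_flight):
    """Creation conditions: a pair requested by the administrator (this also
    covers the post-revocation case), or no pair for this use and no
    individual request for it already in flight."""
    if use in subject.admin_requested:
        return True
    return use not in subject.key_pairs and (subject.name, use) not in in_flight


def wakeup(base, today, key_server):
    """Process every multiple request whose execution date has arrived.
    `base` is a dict with keys "subjects", "multiple" and "individual".
    Returns {subject name: creation status} for the requests handled."""
    in_flight = {(r.subject, r.key_model["use"]) for r in base["individual"]}
    outcome = {}
    for mr in [m for m in base["multiple"] if m.execution_date <= today]:
        mr.status = "pending"
        use = mr.key_model["use"]
        for name in mr.subjects:
            subject = base["subjects"][name]
            if not needs_key_pair(subject, use, in_flight):
                continue
            req = IndividualRequest(name, mr.key_model, mr.cert_model)
            base["individual"].append(req)
            in_flight.add((name, use))
            req.creation_status = SENDING          # request handed to key server 9
            try:
                pair = key_server.request(mr.key_model)
            except RuntimeError:
                req.creation_status = ERROR        # administrator may delete or re-send it
            else:
                subject.key_pairs[use] = pair       # "pair of keys" object stored in base 7
                subject.admin_requested.discard(use)
                req.creation_status = DONE
                # the creation request is destroyed and replaced by a certification request
                req.kind = "certification"
                req.certification_status = IN_PROGRESS
            outcome[name] = req.creation_status
        if mr.once:
            base["multiple"].remove(mr)             # scheduling attribute: run only once
    return outcome
```

A second `wakeup` after a failed creation does not open a duplicate request: the errored individual request is still in the base, so the "no pair of keys" condition is not considered fulfilled until the administrator deletes or re-sends it through the trace function.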

The process according to the present invention also consists of: 

• searching in storage means 7 for at least one pair of asymmetric keys for the public 
key for which a certificate must be created; 

• creating at least one individual request for certifying the public key; 

• transmitting a request corresponding to said individual certification request to a 
certification authority 12, which issues a certificate in accordance with said request. 

The search in the central security base 7 is performed periodically. The periodic 
wakeup mechanism 6 periodically activates the local registration authority 5. The activation 
period of the local registration authority 5 can be modified by the administrator. 

According to one particular embodiment of the invention, the local registration 
authority 5 activated by the periodic wakeup mechanism 6 searches for all the multiple 
requests for certifying public keys stored in the central security base 7 wherein the scheduling 
attribute corresponds to an execution date that has arrived or passed. The local registration 
authority 5 gives the attribute relative to the status of the multiple request in question the 
value "pending." 

For each of the multiple certification requests found, the local registration authority 5 
searches for all of the subjects involved in the request in question for which a condition in 
which it is necessary to certify at least one pair of keys is fulfilled (lack of a certificate and a 
corresponding individual certification request, expiration of the validity period of the 
certificate during the activation period of the local registration authority 5, revocation of the 
certificate). The condition "certification requested by an administrator" is only considered 
when an administrator requests a new certificate for a given pair of keys through the 
man/machine interface, as will be seen below. For each subject found, it creates individual 
requests for certifying pairs of keys from the multiple certification requests in question. To do 
this, the local registration authority 5 communicates with the central security base 7. It 
retrieves from the central security base 7 the information it needs to construct each of said 
individual requests, including the model certificate. The multiple request indicates the model 
certificate to be used, based on the set in which the pair of keys in question is found. The 
model certificate specifically contains the certification authority and the extensions. From the 
extensions, the local registration authority 5 obtains the encoding rules that make it possible 
to encode the data to be entered into the certificate. It applies said rules in order to encode the 
extensions into the certificate contained in the individual certification request in question. The 
local registration authority 5 gives the attribute relative to the status of the individual request 
in question the value "in progress." 

Several individual requests for certifying a pair of keys can be created for a given 
subject. Each individual request corresponds to a given certification authority and hence to a 
particular model certificate. 

The administrator can, at any time, request the certification of a given pair of keys 
from the man/machine interface 4; the administrator enters all the information necessary to 
the creation of an individual request, including the model certificate; the authority can then 
directly create said individual certification request for the given subject. The condition 
"certification requested by an administrator," in which it is necessary to create at least one 
certificate, is fulfilled. It gives the attribute relative to the status of the individual request in 
question the value "in progress." The process then works as described below. 

Once the individual requests have been created for each subject found, the local 
registration authority 5 deletes from the central security base 7 the object "multiple requests 
for certifying pairs of keys" when the scheduling attribute requires it, i.e., when it indicates 
that the multiple request in question should be executed only once. 

The local registration authority 5 sends one certification request per individual 
certification request created to the certification authority 12 in question. The content of the 
certification request corresponds to that of the individual certification request; only its 
structure is modified so as to be adapted to the communication means used to connect the 
local registration authority 5 to the certification authority 12. The certification request is 
signed with the private key of the local registration authority 5 in order to guarantee the 
source of the request. The status of each certification request is then updated; the local 
registration authority 5 gives the attribute of the individual certification request relative to the 
status of the procedure the value "sending a request." The certification authority 12 stores the 
request. The certification authority 12 is capable at any time of producing a certificate signed 
with its private key. The mode of connection between the certification authority 12 and the 
local registration authority 5 can be synchronous or asynchronous. In an asynchronous mode, 
the local registration authority 5 comprises means for processing certificates as they are 
received. 

In the event that the certification authority 12 does not succeed in creating, or refuses 
to create, a certificate, it transmits an error message to the local registration authority 5. The 
local registration authority 5 changes the value of the attribute of the individual request in 
question relative to the status of the certification to give it the value "process ended with an 
error message." 

Upon reception of the certificate in question, the local registration authority 5 changes 
the value of the attribute of the individual request in question relative to the status of the 
certification to give it the value "process done." The local registration authority 5 destroys the 
corresponding individual certification request and creates an object of the certificate type in 
the central security base 7. 

The subjects stored in the central security base 7 that are equipped with pairs of keys 
and lack certificates, or for which a new certificate has been requested, or whose certificate 
expires during the activation period of the local registration authority 5, or whose certificate 
has been revoked, are automatically provided by the process according to the invention with 
certificates, new certificates, or renewed certificates, respectively. 
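The certification pass is decided by four conditions (no certificate, certification requested by an administrator, expiration during the activation period, revocation), and each individual certification request carries the extensions already encoded according to the rules the model certificate supplies. The following is an added example, not code from the patent: the subject records, the dates, the activation period, the model certificates keyed by key use, and the three encoding rules (`utf8`, `boolean` and a keyUsage `bitstring`, written as DER tag-length-value) are constructed for illustration; the asynchronous reply from the certification authority is modelled as a callback.

```python
"""Certification conditions for one activation period and construction of the
individual certification requests (added example, not the patent's code).
Subject records, dates, model certificates and encoding rules are constructed."""
from datetime import date, timedelta

# Condition names as the description lists them.
NO_CERT = "no certificate"
ADMIN = "certification requested by an administrator"
EXPIRING = "expiration during the activation period"
REVOKED = "certificate revoked"

# keyUsage bit positions (X.509 numbering) used by the 'bitstring' rule.
KEY_USAGE_BITS = {"digitalSignature": 0, "nonRepudiation": 1,
                  "keyEncipherment": 2, "keyCertSign": 5}


def certification_condition(subject, use, today, period, pending):
    """Return the fulfilled condition for the key pair with the given use, or
    None when no certificate has to be requested during this activation."""
    if use in subject.get("admin_requested", ()):
        return ADMIN
    cert = subject.get("certificates", {}).get(use)
    if cert is None:
        # "no certificate" counts only when no individual request is already in flight
        return None if (subject["name"], use) in pending else NO_CERT
    if cert["revoked"]:
        return REVOKED
    if cert["not_after"] < today + period:
        return EXPIRING     # would lapse before the authority is woken up again
    return None


def der_tlv(tag, payload):
    """Minimal DER tag-length-value with short and long length forms."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        nbytes = (n.bit_length() + 7) // 8
        length = bytes([0x80 | nbytes]) + n.to_bytes(nbytes, "big")
    return bytes([tag]) + length + payload


def encode_extension(ext):
    """Encode one extension according to the rule carried by the model
    certificate: 'utf8', 'boolean' or 'bitstring' (keyUsage names)."""
    rule, value = ext["rule"], ext["value"]
    if rule == "utf8":
        return der_tlv(0x0C, value.encode("utf-8"))
    if rule == "boolean":
        return der_tlv(0x01, b"\xff" if value else b"\x00")
    if rule == "bitstring":
        bits = [KEY_USAGE_BITS[name] for name in value]
        highest = max(bits)
        body = bytearray(highest // 8 + 1)
        for b in bits:
            body[b // 8] |= 0x80 >> (b % 8)
        unused = 7 - highest % 8                 # DER: trailing unused bits are counted
        return der_tlv(0x03, bytes([unused]) + bytes(body))
    raise ValueError(f"unknown encoding rule {rule!r}")


def build_certification_requests(subjects, multiple_request, today, period, pending=()):
    """One pass over a multiple certification request: one individual request
    per key pair that fulfils a condition, with extensions encoded per the
    model certificate chosen for the set (here: keyed by the key's use)."""
    requests = []
    for subject in subjects:
        for use, pair in subject["key_pairs"].items():
            condition = certification_condition(subject, use, today, period, pending)
            if condition is None:
                continue
            model = multiple_request["models"][use]
            requests.append({
                "subject": subject["name"], "use": use, "public_key": pair["public"],
                "certification_authority": model["ca"],
                "extensions": [encode_extension(e) for e in model["extensions"]],
                "condition": condition, "status": "in progress"})
    return requests


def receive_from_authority(request, certificate=None, error=None):
    """Asynchronous completion: the certification authority's reply arrives
    later and the individual request's status attribute is updated."""
    request["status"] = "process done" if certificate else "process ended with an error message"
    request["certificate"], request["error"] = certificate, error
    return request["status"]
```

The expiry test compares the certificate's end of validity with the date of the next activation (`today + period`), so a certificate that would lapse between two wakeups is renewed during the current one; lengthening the activation period therefore also lengthens the renewal lead time.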

The man/machine interface 4 of the central management service 3 is provided with a 
trace function. The trace function enables the administrator to trace the various steps of the 
process according to the invention and to intervene if a deadlock occurs during the creation or 
certification of a pair of keys. When the administrator wishes to, he calls the trace function of 
the man/machine interface 4; the trace function searches in the central security base 7 for all 
the individual requests currently in progress and communicates them to the administrator. 
The administrator can read, using the trace function of the man/machine interface, the 
attribute relative to the status of the creation of a pair of keys as well as the attribute 
relative to the status of the certification. When the attribute has the value "process ended with 
an error message," the administrator can delete the request in question or re-send it. 

At any time, the administrator, using the man/machine interface 4, can request the 
creation of a pair of keys and/or the certification of a pair of keys for a given subject. In this 
case, the wakeup mechanism 6 activates the local registration authority as soon as the creation 
request and/or the creation and certification request has been entered by the administrator. 

Other embodiments of the process and the system according to the present invention 
are conceivable. 

For example, the local registration authority 5 can search for all of the subjects for 
which pairs of keys must be produced, then search for the associated multiple requests. 

The process according to the present invention therefore consists of: 

• searching in storage means 7 for at least one subject for which a pair of asymmetric 
keys and an associated certificate must be created; 

• creating at least one individual request for creating and certifying a pair of asymmetric 
keys for said subject; 

• transmitting a request corresponding to said individual creation and certification 
request to a key generating center 8, which issues a pair of asymmetric keys in 
accordance with said request; 
• creating at least one individual request for certifying the public key created for said 
subject; 

• transmitting a request corresponding to said individual certification request to a 
certification authority 12, which issues a certificate in accordance with said request. 

A pair of keys must be created for a given subject when said subject lacks a pair of 
keys and a corresponding individual creation and certification request, or when a pair of keys 
has been requested for said subject, or when the certificate of a pair of keys for said subject 
intended for an identical use has been revoked and a new pair of keys has been requested. 
The process is executed periodically. 

It creates each individual request from a corresponding multiple creation and 
certification request stored in the storage means 7 relative to a set of subjects belonging to a 
preset list or to a set of subjects defined by predetermined criteria, as well as to model pairs of 
keys and associated model certificates for the set in question. 

The process consists of searching in each of the multiple creation and certification 
requests of the system for all of the subjects in a condition such that a pair of keys must be 
created. 

The process according to the present invention also consists of: 

• searching in storage means 7 for at least one pair of asymmetric keys for which a 
certificate must be created; 

• creating at least one individual request for certifying the public key; 
• transmitting a request corresponding to said individual certification request to a 
certification authority 12, which issues a certificate in accordance with said request. 

A certificate must be created for a given subject when said subject lacks a certificate 
and an individual certification request, or when a certificate has been requested for said 
subject, or when the certificate of a pair of keys for said subject expires, or when the 
certificate of a pair of keys has been revoked. 
The process is executed periodically. 

A certificate must be created for a given subject when the certificate expires during 
said period. 

The process creates each individual request from a corresponding multiple 
certification request stored in the storage means 7 relative to a set of pairs of keys for subjects 
belonging to a preset list or to a set of pairs of keys for subjects defined by predetermined 
criteria, as well as to model certificates associated with the set in question. 

The process consists of searching in each of the multiple certification requests of the 
system for all of the subjects in a condition such that a certificate must be created. 

Each multiple request comprises an attribute relative to at least one execution date, 
and the process according to the invention consists of including in the search only the 
multiple requests whose execution date has arrived. 
The process according to the invention consists of performing the encoding of one or 
more extensions in accordance with one or more of the given rules and of entering the 
encoded extension or extensions into the individual certification request during the creation of 
the latter. 

It also consists of changing the value of an attribute contained in each of the 
individual requests to indicate its status. 

The present invention also relates to the computer system 1 that makes it possible to 
create and manage objects, particularly pairs of asymmetrical cryptographic keys and 
certificates associated with the pairs of keys, the pairs of keys and the certificates being 
intended for subjects managed by said system, characterized in that it comprises means for 
automating the creation and/or certification of at least one pair of keys for each subject 
managed by the system 1. 

The system 1 comprises at least: 

• a central management service 3 capable of creating, updating and consulting the 
objects and the subjects managed by said system; 

• a local registration authority 5 capable of handling the creation and/or certification of 
keys intended for an object; 

• a central security base 7 containing the subjects and objects managed by the system 
with which the local registration authority communicates; 

• a key generating center 8 capable of creating at least one pair of keys at the request of 
the local registration authority 5 with which it communicates; 

the system 1 having access to at least one certification authority 12 capable of creating a 
certificate at the request of the local registration authority 5. 

It comprises a mechanism 6 for periodically waking up the local registration authority 5. 

The present invention also relates to a process for creating and managing symmetrical 
cryptographic keys, each key being intended for a subject managed by a computer system 1, 
characterized in that it consists of: 

• searching in storage means 7 for at least one subject for which a symmetric key must 
be created; 

• creating at least one individual request for creating a symmetric key for said subject; 


TYSO01:9107358v60|T2147-906313|03\23\00 
T2147-906313/BULL 3771-PB (CALVEZ) 

• transmitting a request corresponding to said individual creation request to a key 
generating center 8, which issues a symmetric key in accordance with said request. 

It relates to the computer system 1 that makes it possible to create and manage 
objects, particularly symmetrical cryptographic keys, the keys being intended for subjects 
managed by said system, in that it comprises means for automating the creation of at least one 
key for each subject managed by the system 1. 

Thus, the process and the system according to the invention make it possible to 
automatically create and manage cryptographic keys and their associated certificates in the 
case of asymmetric keys. They also make it possible to avoid having to create individual 
requests for each user and thus to lessen the workload of the administrator. The multiple 
requests simplify the creation and the management of public/private keys. 

The management of the certification of public keys is guaranteed in spite of the 
asynchronous mode of communication between the certification authority 12 and the server 2. 

The expiration time of the certificates is monitored in order to ensure an automatic 
renewal of the certificates. 

The extensions are processed by the system 1. 

The monitoring of the creation and certification of pairs of keys is possible by means 
of the central management service, and more particularly the man/machine interface. 